Mobile Security

Today’s advanced enterprises make extensive use of mobile devices in order for team members to exchange information, collaborate, and carry out business whenever and wherever they need to. BlackBerries, iPhones, Google Phones, and other smartphones as well as PocketPCs and PDAs are now allowed wireless remote access to the enterprise network.

As a result, they introduce additional vulnerabilities into the system.

Bluetooth exploits and unencrypted passwords can allow malicious individuals to gain access to private information.
Various wireless technologies that have substantially simplified the task of transferring data have provided openings for malicious code. In addition, the diversity of these wireless technologies combined with the constrained environments of these devices have made it difficult to come up with an all-in-one solution.
All PocketPCs, PDAs and smartphones can be synchronised with PCs and laptops, giving malware an entry point into computers and networks. Memory cards are guilty of this too.
VoIP, which are usually unencrypted, allow other people to perform unauthorised capture and recording of private conversations.

Mobile security is still an emerging discipline. Because of this, many organisations that allow members’ mobile phone access into the network don’t actually have a specific security policy for such devices.

That’s why we’re here to help. We’ll conduct a thorough evaluation of your security policies and systems in relation to mobile devices and seal gaps we spot along the way. If you don’t have the needed policies or if what you have needs an overhaul, we’ll set everything up (including the needed applications and infrastructure) for you.

Once we’ve got everything in place, you won’t have to worry about the vulnerabilities mentioned earlier. In addition to that, your organisation will already be capable of preventing the following:

Access to company information when the phone ends up in the hands of anyone other than the authorised user.
Being billed for phone usage due to virus activity
Unauthorised phone activity monitoring through spyware
Other disruptions caused by mobile-based malware

Other defences we’re capable of putting up include:

Check our similar posts

Why Predictive Maintenance is More Profitable than Reactive Maintenance

Regular maintenance is needed to keep the equipment in your facility operating normally. All machinery has a design lifespan, and your goal is to extend this as long as possible, while maintaining optimal production levels. How you go about the maintenance matters, from routine checks to repairing the damaged component parts?all before the whole unit needs to be tossed away and a new one purchased and installed. Here, we will break down the different approaches used, and show you why more industries and businesses are turning to proactive maintenance modes as opposed to the traditional reactive approaches for their?field service operations.?

Reactive Maintenance: A wait and see game

Here, you basically wait for a problem to occur, then fix it. It’s also commonly referred to as a “Run-to-Failure” approach, where you operate the machines and systems until they break. Repairs are then carried out, restoring it to operational condition.?

At face value, it appears cost-effective, but the reality on the ground is far much different. Sure, when the equipment is new, you can expect minimal cases of maintenance. During this time, there?ll be money saved. However, as time progresses there?ll be increased wear, making reliance on a reactive maintenance approach a costly endeavour. The breakdowns are more frequent, and inconsistent as well. Unplanned expenses increase operational costs, and there will be lost productivity during the periods in which the affected machinery won’t be in operation.?

While reactive maintenance makes sense when you’re changing a faulty light bulb at home, things are more complicated when it comes to dealing with machinery in industries, or for those managing multiple residential and commercial properties. For the light bulb, it’s easier to replace it, and failure doesn’t have a ripple effect on the rest of the structures in the household. For industries, each time there is equipment failure, you end up with downtime, production can grind to a halt, and there will be increased environmental risks during equipment start-up and shutdown. If spare parts are not readily available, there will be logistical hurdles as you rush the shipping to get the component parts to the facility. Add this to overworked clients in a bit to complete the repair and to make up for lost hours and delayed customer orders.

For field service companies, more time ends up being spent. After all, there?s the need of knowing which parts needed to be attended to, where they are, and when the servicing is required. Even when you have a planned-out schedule, emergency repairs that are required will force you to immediately make changes. These ramps up the cots, affecting your operations and leading to higher bills for your client. These inconveniences have contributed to the increased reliance on?field service management platforms that leverage on data analytics and IoT to reduce the repair costs, optimise maintenance schedules, and?reduce unnecessary downtimes?for the clients.

Waiting for the machinery to break down actually shortens the lifespan of the unit, leading to more replacements being required. Since the machinery is expected to get damaged much sooner, you also need to have a large inventory of spare parts. What’s more, the damages that result will be likely to necessitate more extensive repairs that would have been needed if the machinery had not been run to failure.?

Pros of reactive maintenance

Less staff required.
Less time is spent on preparation.

Cons of reactive maintenance

Increased downtime during machine failure.
More overtime is taken up when conducting repairs.
Increased expenses for purchasing and storing spare parts.?
Frequent equipment replacement, driving up costs.?

This ?If it ain’t broke, don’t fix it? approach leads to hefty repair and replacement bills. A different maintenance strategy is required to minimise costs. Proactive models come into focus. Before we delve into predictive maintenance, let’s look at the preventive approach.?

Preventive Maintenance: Sticking to a timetable

Here, maintenance tasks are carried out on a planned routine?like how you change your vehicle?s engine oil after hitting a specific number of kilometres. These tasks are planned in intervals, based on specific triggers?like a period of time, or when certain thresholds are recorded by the meters. Lubrication, carrying out filter changes, and the like will result in the equipment operating more efficiently for a longer duration of time. While it doesn’t completely stop catastrophic failures from occurring, it does reduce the number of failures that occur. This translates to capital savings.??

The Middle Ground? Merits And Demerits Of Preventive Maintenance

This periodic checking is a step above the reactive maintenance, given that it increases the lifespan of the asset, and makes it more reliable. It also leads to a reduced downtime, thus positively affecting your company?s productivity. Usually, an 80/20 approach is adopted,?drawing from Pareto’s Principle. This means that by spending 80% of time and effort on planned and preventive maintenance, then reactive maintenance for those unexpected failures that pop up will only occur 20% of the time. Sure, it doesn’t always come to an exact 80/20 ratio, but it does help in directing the maintenance efforts of a company, and reducing the expenses that go into it.?

Note that there will need to be a significant investment?especially of time, in order to plan a preventive maintenance strategy, plus the preparation and delegation of tasks. However, the efforts are more cost effective than waiting for your systems and machinery to fail in order to conduct repairs. In fact, according to the US Dept. of Energy, a company can save between 12-18 % when using a preventive maintenance approach compared to reactive maintenance.

While it is better than the purely reactive approach, there are still drawbacks to this process. For instance, asset failure will still be likely to occur, and there will be the aspect of time and resource wastage when performing unneeded maintenance, especially when technicians have to travel to different sites out in the field. There is also the risk of incidental damage to machine components when the unneeded checks and repairs are being carried out, leading to extra costs being incurred.

We can now up the ante with predictive maintenance. Let’s look at what it has to offer:

Predictive Maintenance: See it before it happens

This builds on preventive maintenance, using data analytics to smooth the process, reduce wastage, and make it more cost effective. Here, the maintenance is conducted by relying on trends observed using data collected from the equipment in question, such as through vibration analysis, energy consumption, oil analysis and thermal imaging. This data is then taken through predictive algorithms that show trends and point out when the equipment will need maintenance. You get to see unhealthy trends like excessive vibration of the equipment, decreasing fuel efficiency, lubrication degradation, and their impact on your production capacities. Before the conditions breach the predetermined parameters of the equipment’s normal operating standards, the affected equipment is repaired or the damaged components replaced.??

Basically, maintenance is scheduled before operational or mechanical conditions demand it. Damage to equipment can be prevented by attending to the affected parts after observing a decrease in performance at the onset?instead of waiting for the damage to be extensive?which would have resulted in system failure. Using?data-driven?field service job management software will help you to automate your work and optimise schedules, informing you about possible future failures.

Sensors used record the condition of the equipment in real time. This information is then analysed, showing the current and future operational capabilities of the equipment. System degradation is detected quickly, and steps can be taken to rectify it before further deterioration occurs. This approach optimises operational efficiency. Firstly, it drastically reduces total equipment failure?coming close to eliminating it, extending the lifespan of the machinery and slashing replacement costs. You can have an orderly timetable for your maintenance sessions, and buy the equipment needed for the repairs. Speaking of which, this approach minimises inventory especially with regards to the spare parts, as you will be able to note the specific units needed beforehand and plan for them, instead of casting a wide net and stockpiling spare parts for repairs that may or may not be required. Repair tasks can be more accurately scheduled, minimising time wasted on unneeded maintenance.??

Preventive vs Predictive Maintenance?

How is predictive different from preventive maintenance? For starters, it bases the need for maintenance on the actual condition of the equipment, instead of a predetermined schedule. Take the oil-change on cars for instance. With the preventive model, the oil may be changed after every 5000?7500 km. Here, this change is necessitated because of the runtime. One doesn’t look at the performance capability and actual condition of the oil. It is simply changed because “it is now time to change it“. However, with the predictive maintenance approach, the car owner would ideally analyse the condition of the oil at regular intervals- looking at aspects like its lubrication properties. They would then determine if they can continue using the same oil, and extend the duration required before the next oil change, like by another 3000 kilometres. Perhaps due to the conditions in which the car had been driven, or environmental concerns, the oil may be required to be changed much sooner in order to protect the component parts with fresh new lubricant. In the long run, the car owner will make savings. The US Dept. of Energy report also shows that you get 8-12% more cost savings with the predictive approach compared to relying on preventive maintenance programs. Certainly, it is already far much more effective compared to the reactive model.?

Pros of Predictive Maintenance

Increases the asset lifespan.
Decreases equipment downtime.
Decreases costs on spare parts and labour.
Improves worker safety, which has the welcome benefit of increasing employee morale.
Optimising the operation of the equipment used leads to energy savings.
Increased plant reliability.

Cons of Predictive Maintenance

Initial capital costs included in acquiring and setting up diagnostic equipment.
Investment required in training the employees to effectively use the predictive maintenance technology adopted by the company.

The pros of this approach outweigh the cons.?Independent surveys on industrial average savings?after implementing a predictive maintenance program showed that firms eliminated asset breakdown by 70-75%, boosted production by 20-25%, and reduced maintenance costs by 25-30%. Its ROI was an average of 10 times, making it a worthy investment.

Data Leakage Prevention – Protecting Sensitive Information

When DuPont lost $400 million in intellectual property, it wasn’t because a hacker from the other side of the world infiltrated their system. The information was simply stolen by a former employee. Alarmingly, data loss incidents are not always caused by deliberate actions.

A file containing personal information accidentally attached to an email and sent to multiple recipients; financial data stored in a USB pen drive, accidentally left in a restaurant; or bank account data of colleagues, inadvertently posted on a company website – these are also some of the everyday causes of data loss.

A report done by research company Infowatch regarding global data leaks in 2010 showed that there were actually more accidental data leaks in that year compared to intentional ones. Accidental leaks comprised 53%, while intentional leaks comprised 42% (the rest were unidentified).

But even if they ?only? happened accidentally, breach incidents like these can still be very costly. The tens of thousands of dollars that you could sometimes end up paying in civil penalties (as in the case when you lose other people?s personal information) can just be the beginning. More costly than this is the loss of customer and investor confidence. Once you lose those, you could consequently lose a considerable portion of your business.

Confidential information that may already be leaking out right under your nose

With all the data you collect, process, exchange, and store electronically every day, your IT system has surely now become a storehouse of sensitive information. Some of them, you may be even taking for granted.

But imagine what would happen if any of the following trade secrets fell into the wrong hands: marketing plans, confidential customer information, pricing data, product development strategies, business plans, supplier information, source codes, and employee salaries.

These are not the only kind of data that you should be worried about. You could also get into trouble if your sloppy IT security fails to protect employee or client personal information such as their names; social security numbers; drivers license numbers; or bank account numbers and credit/debit card numbers along with their corresponding PINs.

In some countries, you could face onerous data breach notification requirements and heavy fines when these kind of data are involved.

There are now more holes to plug

It’s not just the different varieties of sensitive electronic information that you have to worry about. Because these data can take on different forms, i.e. data-at-rest, data-in-motion, and data-at-the-endpoints, you also need to take aim at different areas in your IT system.

Sensitive information can be found ?at rest? in each of your employees? hard disks, in your servers, storage disks, and in off-site backup disks. They can also be found ?in motion? in email, instant messaging, social networking messaging, P2P file sharing, ftp, http, and so on.

That’s not all. Your highly mobile workforce may have already introduced yet another high-risk area into your system: data-at-the-endpoints. This includes USB flash-disks, laptops, portable hard disks, CDs, and even smartphones.

The main challenge of data leak prevention

Having been made aware of the various aspects of data leakage, have you already come to grips with the extent of the task at hand?

There are two major things you need to do here to prevent data leakage.

One, you need to identify what data you have that can be considered as sensitive/confidential information. Of course you have financial information and employee salaries in your files. But do you also store personally identifiable information? Do you have trade secrets that are stored in electronic form?

Two, you need to pinpoint their locations. Are they only on your hard disks and laptops? Or have they made their way to flash drives, CDs/DVDs, or portable HDDs? Are they being transmitted through email or any other file transfer media?

The reason why you need to know what your sensitive data are as well as where they are is because you would like all efforts of securing them to be as efficient and unobtrusive as possible.

Let’s say, as a way of protecting your data, you decide to implement encryption. Since encryption can consume a lot of storage space and significantly reduce performance, it may be impractical to encrypt your entire database or all your files. For the same reason, you wouldn’t want to encrypt every single email that you send.

Thus, the best way would be to encrypt only the data that really need encryption. But again, you need to know what data needs to be encrypted and where those data can be found. That alone is no simple task.

Not only will you need to deal with the data you already have, you will also have to worry about the data that will go through your systems during the course of your day-to-day transactions.

Identifying sensitive data as it enters or leaves your system, goes through your network, or gets stored in your file system or database, and then applying the necessary security actions should be done automatically and intelligently. Otherwise, you could end up spending on a lot of man-hours or, worse, wasting them on a lot of false positives and negatives.

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

8 Reasons why you Need to Undertake Technical and Application Assessments

Are your information assets enabling you to operate more cost-effectively or are they just drawing in more risks than you are actually aware of? Obviously, you now need to get a better picture of those assets to see if your IT investments are giving you the benefits you were expecting and to help you identify areas where improvements should be made.

The best way to get the answers to those questions is through technical and application assessments. In this post, we?ll identify 8 good reasons why it is now imperative to undertake such assessments.

1. Address known issues – Perhaps the most common reason that drives companies to undertake a technology/application assessment is to identify the causes of existing issues such as those related to data accessibility, hardware and software scalability, and performance.

2. Cut down liabilities and risks – Unless you know what and where the risks are, there is no way you can implement an appropriate risk mitigation strategy. A technology and application assessment will enable you to thoroughly test and examine your information systems to see where your business-critical areas and points of failure are and subsequently allow you to act on them.

3. Discover emerging risks – Some risks may not yet be as threatening as others. But it would certainly be reassuring to be aware if any exist. That way, you can either nip them in the bud or keep them monitored.

4. Comply with regulations – Regulations like SOX require you to establish adequate internal controls to achieve compliance. Other regulations call for the protection of personally identifiable information. Assessments will help you pinpoint processes that lack controls, identify data that need protection, and areas that don’t meet regulatory requirements. This will enable you to act accordingly and keep your company away from tedious, time-consuming and costly sanctions.

5. Enhance performance – Poor performance is not always caused by an ageing hardware or an overloaded infrastructure. Sometimes, the culprits are: unsuitable configuration settings, inappropriate security policies, or misplaced business logic. A well-executed assessment can provide enough information that would lead to a more cost-effective action plan and help you avoid an expensive but useless purchase.

6. Improve interoperability – Disparate technologies working completely separate from each other may be preventing you from realising the maximum potential of your entire IT ecosystem. If you can examine your IT systems, you may be able to discover ways to make them interoperate and in turn harness untapped capabilities of already existing assets.

7. Ensure alignment of IT with business goals – An important factor in achieving IT governance is the proper alignment of IT with business goals. IT processes need to be assessed regularly to ensure that this alignment continues to exist. If it does not, then necessary adjustments can be made.

8. Provide assurance to customers and investors – Escalating cases of data breaches and identity theft are making customers and investors more conscious with a company?s capability of preserving the confidentiality of sensitive information. By conducting regular assessments, you can show your customers and investors concrete steps for keeping sensitive information confidential.